Travel Planner Pro

Your AI travel agent that creates detailed itineraries, tracks budgets, plans weather-smart activities, and provides packing and document checklists tailored...

What to consider before installing/running this skill: 1) Inspect and fix the shipped shell scripts before running them. The SETUP-PROMPT and scripts/trip-reminder.sh contain malformed shell code (truncated loops and stray conditionals). Do NOT run them as-is — they may fail or behave unpredictably. Have someone run shellcheck / lint them and correct the logic, or run them in a sandboxed environment (container or VM) first. 2) The SKILL.md contains an explicit prompt-injection defense (good), but the static scanner flagged prompt-injection patterns present in the file. That appears to be the defense wording itself. Still, be cautious when pasting external confirmations/booking emails into the agent and follow the policy: never paste raw passport numbers or credit-card numbers; the skill claims it will only store expiry dates and 'ends in XXXX' for cards. 3) The package includes a dashboard spec and SQL schema referencing cloud DB patterns (Supabase/auth.uid()). Those are optional companion artifacts — they do not automatically send data to the cloud, but if you deploy a dashboard you will need to provide credentials. If you plan to use the dashboard, audit any networked components carefully and provision separate credentials. 4) The project claims an audit and ‘Codex Security Verified’ in README/SECURITY.md. The presence of buggy scripts and incomplete setup code contradicts a polished audit. Treat the audit claim as unverified until you or an independent party confirm the code quality. 5) Operational safety tips: run the skill and any setup scripts in a confined environment (container/VM), back up your workspace before first run, enable disk encryption if storing sensitive docs, and search the repository for any outbound network endpoints (none suspicious were found in this package aside from Open-Meteo and general web search). If you’re not comfortable fixing the scripts, avoid executing them and instead perform the setup steps manually (create directories, copy files, set permissions) based on the README. If you want, I can produce a short checklist of the exact lines in the scripts that look broken and suggest corrected versions you (or a sysadmin) can paste in to repair them.

Type: OpenClaw Skill Name: normieclaw-travel-planner-pro Version: 1.0.3 Travel Planner Pro is a well-structured and security-conscious skill bundle for itinerary management. It includes explicit prompt-injection defenses in SKILL.md and follows privacy-first data handling practices, such as masking sensitive passport information and using local storage with strict file permissions (chmod 600/700). The bash script scripts/trip-reminder.sh and the setup instructions in SETUP-PROMPT.md use safe coding practices, including path validation, symlink checks, and input sanitization to prevent common vulnerabilities like path traversal or shell injection.